Tuesday, August 24, 2004

Ken on the SC-L listserv asked for suggestions on ".... first steps that developers might consider, even in the absence of top-level embracing of a more secure development methodology" and Hans Westphal [MS] responded with the following list of excellent resources. I am putting this down for my own benefit!


Subscribe to Security lists:
Sc-l@securecoding.org, NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Self Education through books:

and Webcasts:

MSDN Webcast: Secure Mobile Data Using the Microsoft .NET Compact Framework and SQL CE 2.0 - Level 300
Wednesday, September 01, 2004 - 11:00 AM-12:30 PM Pacific Time
Rob Tiffany, President, Hood Canal Mobility

Would you like to be certain that data on a mobile device is secure? Without needing any knowledge of cryptography, you can build an application that lets users check-in and check-out their sensitive files.  This webcast focuses on building an encrypted, password-protected storage vault for files residing on Pocket PCs.
http://www.placeware.com/cc/mseventsbmo/join?id=1032257382&role=attend&pw=webcast

MSDN Webcast: Essentials of Application Security (Part 1) - Secure Communications - Level: 200
Friday, September 3, 2004 - 9:00 AM-10:00 AM Pacific Time
Ron Cundiff, MSDN Developer Community Champion, Microsoft Corporation
This webcast is the first of a 3-part series about the importance of Application Security and its best practices and guidelines. This part specifically addresses Secure Communications in the context of secure application development. After an overview of the costs of inadequate security and the benefits of developing secure applications, this presentation concentrates on secure communications as part of a larger security solution, examining specific techniques such as using certificates in the Secure Sockets Layer (SSL). The webcast includes two demonstrations: Buffer Overruns and SSL Server Certificates.
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032257602&Culture=en-US


MSDN Webcast: Essentials of Application Security (Part 2) - Authentication - Level: 300
Tuesday, September 7, 2004 - 9:00 AM-10:00 AM Pacific Time
Ron Cundiff, MSDN Developer Community Champion, Microsoft Corporation
This webcast is the second of a 3-part series about the importance of Application Security and its best practices and guidelines. This part specifically addresses Authentication in the context of secure application development. After an overview of the costs of inadequate security and the benefits of developing secure applications, we concentrate on Authentication as part of a larger security solution, examining specific Authentication techniques and best practices in IIS. The webcast includes two demonstrations: Buffer Overruns and IIS Authentication Techniques.
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032257885&Culture=en-US


MSDN Webcast: "Ask The Developer Security Experts" Series: Windows XP Service Pack 2: A Developer Overview - Level: 200
Tuesday, September 7, 2004 - 11:00 AM-12:00 PM Pacific Time
Tony Goodhew, Product Manager, Microsoft
This webcast series brings together some of the sharpest security-focused Microsoft developers to provide expert answers to your security questions. Beginning with a brief overview of Windows® XP Service Pack 2 (SP2), we will focus the discussion on what these changes mean for you as a developer and how these changes will affect your various development tools. This presentation will be followed by an extensive Q&A period where you can "Ask the Experts" your in-depth questions about Windows XP SP2. Do you have a question you want to submit to the experts before the webcast? Send your security questions about Windows XP SP2 to our panel of experts ahead of time at devxcast@microsoft.com.
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032257887&Culture=en-US


MSDN Webcast: A Hackers View of Your Web Applications Part 1: Procedures for Code Security - Level: 300
Tuesday, September 7, 2004 - 1:00 PM-2:00 PM Pacific Time
Dennis Hurst, Senior Consulting Engineer, SPI Dynamics
With the threat of cyber attacks, today's Web environment has made application security an essential element in the application development lifecycle. The first part of this two part series will define what Web application security is, why it is needed, and how it differs from other categories of Internet security. Additionally, we will examine appropriate procedures and technologies essential to the security of Web application code. Through a review of recent Web application breaches, we will expose the prolific methods hackers use to execute break-ins via the Web. By taking an in-depth look at how Web-based applications work and the techniques hackers use to exploit them, you will be better equipped to protect your confidential information.
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032257889&Culture=en-US


MSDN Webcast: Essentials of Application Security (Part 3) - Authorization - Level: 300
Friday, September 10, 2004 - 9:00 AM-10:00 AM Pacific Time
Ron Cundiff, MSDN Developer Community Champion, Microsoft Corporation
This webcast is the third of a 3-part series about the importance of Application Security and its best practices and guidelines. This part specifically addresses Authorization in the context of secure application development. After an overview of the costs of inadequate security and the benefits of developing secure applications, we concentrate on Authorization as part of a larger security solution, examining Trusted Subsystem Model Authorization techniques and best practices. The webcast includes two demonstrations: Buffer Overruns and Trusted Subsystem Model Authorization Techniques.
http://msevents.microsoft.com/cui/eventdetail.aspx?EventID=1032257892&Culture=en-US


MSDN Webcast: A Hackers View of Your Web Applications Part 2: Web Hacking - Attack Scenarios and Examples - Level: 300
Monday, September 13, 2004 - 1:00 PM-2:00 PM Pacific Time
Dennis Hurst, Senior Consulting Engineer, SPI Dynamics
By taking advantage of the public access to a company and using it to subvert your applications, hackers can gain easy access into your company's sensitive backend data. Firewalls and IDS will not stop such attacks because hackers using the Web application layer are not seen as intruders. In the 2nd part of this two-part series, learn how to defend against attacks at the Web application layer with examples covering recent hacking methods such as: SQL Injection, Cross Site Scripting, Parameter Manipulation, Session Hijacking, and LDAP Injection.
http://msevents.microsoft.com/cui/eventdetail.aspx?EventID=1032257907&Culture=en-US


MSDN Webcast: Overview of XP SP2 for Developers - Level: 200
Tuesday, September 14, 2004 - 9:00 AM-10:30 AM Pacific Time
Tony Goodhew, Product Manager, Microsoft
Review the changes that Windows XP Service Pack 2 delivers and what they mean for you. Windows XP SP2 is designed to deliver a number of safety technologies in the Internet Connection Firewall, Web Browsing experience, Email/IM and Application Memory Protection. Each of these areas has direct impact on developers and this session covers the major items and what you need to know. Learn how these changes will affect your various development tools.
http://msevents.microsoft.com/cui/eventdetail.aspx?EventID=1032257920&Culture=en-US


MSDN Webcast: Implementing Application Security Using the .NET Framework Part 1 - Level: 300
Wednesday, September 14, 2004 - 9:00 AM-10:00 AM Pacific Time
Rob Jackson, Developer Community Champion, Microsoft Corporation
This is part 1 of a 3-part series for experienced developers. In this series, you will learn how to implement additional security features to secure applications that are built on the .NET Framework. You will learn how security features are integrated into the .NET Framework. You will learn how to use both code access security and role-based security to limit vulnerabilities. You will also learn how to use the cryptographic provider support in the .NET Framework to encrypt and sign data. Additionally, you will learn how to secure Web applications and Web services that are built by using ASP.NET. Finally, you will learn a few tips for writing Security with the .NET Framework. Parts 2 and 3 of the series will be presented on 9/21 and 9/28, respectively.
http://msevents.microsoft.com/cui/eventdetail.aspx?EventID=1032257965&Culture=en-US


MSDN Webcast: Writing Security - Threat Defense Part 1 - Level: 200
Friday, September 17, 2004 - 9:00 AM-10:00 AM Pacific Time
David Deatherage
This is part 1 of a 3-part series for experienced developers. In this series, you will learn established best practices for applying security principles throughout the development process. You will learn effective strategies for defending common security threats such as buffer overruns, cross-site scripting, SQL injection, and denial of service attacks. Parts 2 and 3 of the series will be presented on 9/24 and 10/1, respectively.
http://msevents.microsoft.com/cui/eventdetail.aspx?EventID=1032258007&Culture=en-US


MSDN Webcast: Implementing Application Security Using the .NET Framework Part 2 - Level: 300
Tuesday, September 21, 2004 - 9:00 AM-10:00 AM Pacific Time
Ron Cundiff, MSDN Developer Community Champion, Microsoft Corporation
This is part 2 of a 3-part series for experienced developers. In this series, you will learn how to implement additional security features to secure applications that are built on the .NET Framework. You will learn how security features are integrated into the .NET Framework. You will learn how to use both code access security and role-based security to limit vulnerabilities. You will also learn how to use the cryptographic provider support in the .NET Framework to encrypt and sign data. Additionally, you will learn how to secure Web applications and Web services that are built by using ASP.NET. Finally, you will learn a few tips for writing Security with the .NET Framework. Part 3 of the series will be presented on 9/28.
http://msevents.microsoft.com/cui/eventdetail.aspx?EventID=1032258017&Culture=en-US


MSDN Webcast: "Ask The Developer Security Experts" Series: Using WSE to Secure your Web Services with WS-Security - Level: 200
Thursday, September 23, 2004 - 11:00 AM-12:00 PM Pacific Time
Maarten Van De Bospoort, Consultant, Microsoft Corporation
This webcast series brings together some of the sharpest security-focused Microsoft developers to provide expert answers to your questions about securing your Web services. We will begin this webcast with a brief discussion of the advantages of using WS-Security over traditional wire level security on the protocol level, including an explanation of how WS-Security is built upon XML security and how the new Web Services Enhancements (WSE) make this easy to implement. After this overview, this session will continue with an extensive Q&A period where you can "Ask the Experts" your in-depth questions about securing your web services with WS-Security and WSE. Do you have a question you want to submit to the experts before the webcast? Send your questions about securing Web services to our panel of experts ahead of time to devxcast@microsoft.com.
http://msevents.microsoft.com/cui/eventdetail.aspx?EventID=1032258027&Culture=en-US


MSDN Webcast: Writing Security - Threat Defense Part 2 - Level: 200
Friday, September 24, 2004 - 9:00 AM-10:00 AM Pacific Time
Ron Cundiff, MSDN Developer Community Champion, Microsoft Corporation
This is part 2 of a 3-part series for experienced developers. In this series, you will learn established best practices for applying security principles throughout the development process. You will learn effective strategies for defending common security threats such as buffer overruns, cross-site scripting, SQL injection, and denial of service attacks. Part 3 of the series will be presented on 10/1.
http://msevents.microsoft.com/cui/eventdetail.aspx?EventID=1032258029&Culture=en-US


MSDN Webcast: Implementing Application Security Using the .NET Framework Part 3 - Level: 300
Tuesday, September 28, 2004 - 9:00 AM-10:00 AM Pacific Time
Rob Jackson, Microsoft Corporation
This is part 3 of a 3-part series for experienced developers. In this series, you will learn how to implement additional security features to secure applications that are built on the .NET Framework. You will learn how security features are integrated into the .NET Framework. You will learn how to use both code access security and role-based security to limit vulnerabilities. You will also learn how to use the cryptographic provider support in the .NET Framework to encrypt and sign data. Additionally, you will learn how to secure Web applications and Web services that are built by using ASP.NET. Finally, you will learn a few tips for writing Security with the .NET Framework.
http://msevents.microsoft.com/cui/eventdetail.aspx?EventID=1032258031&Culture=en-US

MSDN Webcast: Windows XP Service Pack 2 Change Walkthrough - Level: 300
Tuesday, September 28, 2004 - 11:00 AM-12:30 PM Pacific Time
Tony Goodhew, Product Manager, Microsoft
This session is a detailed walkthrough of the changes to Windows XP with Service Pack 2. It will cover the 4 major areas of change - Networking, Web Browsing, Email/IM and Hardware. In each of these sections the change and its implication will be discussed.
http://msevents.microsoft.com/cui/eventdetail.aspx?EventID=1032258033&Culture=en-US

Tags: Security
8/24/2004 9:15 PM Eastern Daylight Time